Filtered by vendor Cisco
Subscribe
Total
6547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0752 | 1 Cisco | 1 Telepresence Video Communication Server | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.
|
|||||
| CVE-2016-1477 | 1 Cisco | 1 Connected Streaming Analytics | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891.
|
|||||
| CVE-2015-0715 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608.
|
|||||
| CVE-2014-2136 | 1 Cisco | 2 Webex Advanced Recording Format Player, Webex Recording Format Player | 2025-04-12 | 9.3 HIGH | N/A |
|
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCui72223, CSCul01163, and CSCul01166.
|
|||||
| CVE-2016-6424 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 6.1 MEDIUM | 6.5 MEDIUM |
|
The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942.
|
|||||
| CVE-2015-4286 | 1 Cisco | 1 Unified Computing System Central Software | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377.
|
|||||
| CVE-2014-2119 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance Firmware, Ironport Asyncos | 2025-04-12 | 8.5 HIGH | N/A |
|
The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.
|
|||||
| CVE-2015-0628 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174.
|
|||||
| CVE-2015-4330 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 6.9 MEDIUM | N/A |
|
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.
|
|||||
| CVE-2015-6425 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.
|
|||||
| CVE-2014-2108 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
|
Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.
|
|||||
| CVE-2015-6348 | 1 Cisco | 1 Secure Access Control Server | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.
|
|||||
| CVE-2014-3374 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.
|
|||||
| CVE-2015-0760 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259.
|
|||||
| CVE-2014-2182 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 6.1 MEDIUM | N/A |
|
Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay is configured, allows remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 packet, aka Bug ID CSCun45520.
|
|||||
| CVE-2016-6457 | 1 Cisco | 19 Application Policy Infrastructure Controller, Nexus 92160yc-x, Nexus 92304qc and 16 more | 2025-04-12 | 6.1 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) - ACI Mode and Cisco Application Policy Infrastructure Controller (APIC). More Information: CSCuy93241. Known Affected Releases: 11.2(2x) 11.2(3x) 11.3(1x) 11.3(2x) 12.0(1x). Known Fixed Releases ...
Show More |
|||||
| CVE-2014-2114 | 1 Cisco | 1 Emergency Responder | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.
|
|||||
| CVE-2016-1296 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.
|
|||||
| CVE-2014-8019 | 1 Cisco | 1 Enterprise Content Delivery System | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in Cisco Enterprise Content Delivery System (ECDS) allows remote attackers to read arbitrary files via a crafted URL, aka Bug ID CSCuo90148.
|
|||||
| CVE-2015-6407 | 1 Cisco | 1 Emergency Responder | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501.
|
|||||
| CVE-2015-4289 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.
|
|||||
| CVE-2014-3395 | 1 Cisco | 1 Webex Meetings Server | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to trigger the download of arbitrary files via a crafted URL, aka Bug ID CSCup10343.
|
|||||
| CVE-2014-3309 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.
|
|||||
| CVE-2014-2197 | 1 Cisco | 2 Unified Cdm Application Software, Unified Communications Domain Manager | 2025-04-12 | 9.0 HIGH | N/A |
|
The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which allows remote authenticated users to modify administrative credentials via a crafted URL, aka Bug ID CSCun49862.
|
|||||
| CVE-2014-8002 | 1 Cisco | 1 Openh264 | 2025-04-12 | 7.5 HIGH | N/A |
|
Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 1.2.0 and earlier allows remote attackers to execute arbitrary code via an encoded media file.
|
|||||
| CVE-2016-6364 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.
|
|||||
| CVE-2015-6357 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide an invalid package, and consequently execute arbitrary code, via a crafted certificate, aka Bug ID CSCuw06444.
|
|||||
| CVE-2016-1399 | 1 Cisco | 15 Ie-4000-16gt4g-e, Ie-4000-16t4g-e, Ie-4000-4gc4gp4g-e and 12 more | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, 15.2(2)EA2, and 15.2(4)EA on Industrial Ethernet 4000 devices and 15.2(2)EB and 15.2(2)EB1 on Industrial Ethernet 5000 devices allows remote attackers to cause a denial of service (packet data corruption) via crafted IPv4 ICMP packets, aka Bug ID CSCuy13431.
|
|||||
| CVE-2015-0659 | 1 Cisco | 1 Ios | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID CSCup62157.
|
|||||
| CVE-2015-0709 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348.
|
|||||
| CVE-2015-6307 | 1 Cisco | 1 Firepower | 2025-04-12 | 6.1 MEDIUM | N/A |
|
Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service (inspection-engine outage) via crafted packets, aka Bug ID CSCuu10871.
|
|||||
| CVE-2014-3391 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661.
|
|||||
| CVE-2016-1452 | 1 Cisco | 2 Asr 5000, Asr 5000 Software | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
|
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.
|
|||||
| CVE-2015-0640 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 7.8 HIGH | N/A |
|
The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cause a denial of service (device reload) via large IP packets that require NAT and HSL processing after fragmentation, aka Bug ID CSCuo25741.
|
|||||
| CVE-2016-6401 | 1 Cisco | 1 Carrier Routing System | 2025-04-12 | 5.7 MEDIUM | 5.3 MEDIUM |
|
Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS Carrier Grade Services for CRS-1 and CRS-3 devices, allows remote attackers to cause a denial of service (line-card reload) via crafted IPv6-over-MPLS packets, aka Bug ID CSCva32494.
|
|||||
| CVE-2016-6419 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | 6.0 MEDIUM | 7.5 HIGH |
|
SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485.
|
|||||
| CVE-2014-3292 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 5.5 MEDIUM | N/A |
|
The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to (1) read or (2) delete arbitrary files via a crafted URL, aka Bug IDs CSCuo17302 and CSCuo17199.
|
|||||
| CVE-2015-6429 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a tunnel endpoint, aka Bug ID CSCuw08236.
|
|||||
| CVE-2015-0680 | 1 Cisco | 1 Unified Callmanager | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.
|
|||||
| CVE-2014-3317 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 5.5 MEDIUM | N/A |
|
Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.
|
|||||